CORONAVIRUS - IT - 15.04.2020

Keep your email secure

If your staff work away from the office the email services they use might not be secure and could allow hackers a way into your firm’s system. What security measures are available to make sure emails and the information in them stay safe?

Less secure circumstances

Keeping your emails private is important. No one wants their personal messages read or confidential information revealed. The trouble is the risk may be increased because are staff working away from their normal workplace. They may be using PCs or other devices that don’t belong to them, and be unfamiliar with or not secured by your firm’s network. However, there are simple steps you can take to mitigate the risks.

The basic security steps

When you log in via a webmail service, your browser will suggest saving the password you enter. Refuse this offer if there are others who use your device from time to time, and especially if you log in to your webmail on someone else’s device or on a public computer. Also, don’t forget to log off before closing your browser, otherwise the login will remain active on the device for a while.

Tip. Make sure you sign out of Gmail when you finish using a device. On any device you use clicking on Details at the bottom right will produce an overview of all the activity on your account, and you can sign out of all other active Gmail web sessions in one go there. Note. In a mobile or desktop email app, you need to enter your password only once, when setting up your account and your email will be visible automatically as soon as you launch the app. It is therefore crucial that your device should be adequately secured by means of a password, fingerprint or face recognition.

More sophisticated security

It’s good practice to use two-step verification, sometimes called two-factor authentication. It’s available in Gmail, Outlook.com and some other email services. Here’s how it works in practice.

  • To enable two-step verification on your Google or Microsoft account you need to register your mobile device (see The next step ). When you have done this, it will apply to everything associated with your Google or Microsoft account, e.g. your Windows sign-in.
  • When signing in for the first time you’ll be asked to enter your password as usual. A code will then be sent by text to your mobile or a verification app. You (and more importantly anyone else) can only get access to your email by entering the code.

Tip. On your trusted devices, you can choose to have this two-step procedure repeated only once every 30 or 60 days.

If you use your Gmail or Outlook address in a mobile or desktop email app there’s a way to guard against others opening it. Recent email apps on PCs and mobiles are already compatible with two-step verification, although you might have to delete your account from the app first and then add it again. In this case, your password and the second code will be requested before you can open the app.

Tip. If your app does not yet support two-step verification, you can create an app password (see The next step ), which prevents someone else opening your email app without entering the app password.

For links on how to enable two-step verification and to how to create an app password, visit http://tipsandadvice-business.co.uk/download (CD 21.14.02).

Remind remote working staff to keep email as secure as possible by using a strong and unique password and by locking all their devices when unattended. In addition, use two-step verification if the email provider offers this feature. If not, use an app password to prevent others opening their email service.

© Indicator - FL Memo Ltd

Tel.: (01233) 653500 • Fax: (01233) 647100

subscriptions@indicator-flm.co.ukwww.indicator-flm.co.uk

Calgarth House, 39-41 Bank Street, Ashford, Kent TN23 1DQ

VAT GB 726 598 394 • Registered in England • Company Registration No. 3599719